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Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in 
the application: 
Listing of Claims: 

1 . (currently amended) A computer-implemented method of single sign-on user 
access to multiple web servers, comprising: 

authenticating a user by a first web server, the first web server also providing a 
first type of service session functionality for the user in addition to an authentication 
functionality and different from authenticating the user, creating an encrypted 
authentication token, or redirecting a web browser of the user to transmit the 
encrypted authentication token, which first type of service session functionality is also 
different from a second type of service session functionality provided for the user by a 
second web server that is not provided by the first web server, which second type of 
service session functionality is also in addition to and different from authenticating 
the user, creating an encrypted authentication token, or redirecting a web browser of 
the user to transmit the encrypted authentication token, each of said web servers 
containing information identifying the type of service session functionality provided 
by the other of said web servers and an address for the other of said web servers ; 

detecting a client request for a the second type of service session functionality 
for the user at said first web server that is not provided by the first web server, said 
first web server determining a the second web server providing the second type of 
service session functionality for the user and in response thereto creating an encrypted 
authentication token related to the user and redirecting a web browser of the user to 
the second web server; 

transmitting the encrypted authentication token from the first web server to the 
second web server via the user's web browser, wherein the authentication token 
comprises an expiration time and is digitally signed by the first web server; 
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authenticating the authentication token by the second web server; and 

providing the second type of service session functionality for the user by the 
second web server. 

2. (original) The method of claim 1 wherein the first web server and the second 
web server share a sub-domain. 

3. (original) The method of claim 2 further comprising examining the expiration 
time of the authentication token at the second web server and allowing the user to 
conduct a session at the second web server only if the expiration time has not passed. 

4. (original) The method of claim 3 wherein the authentication token comprises 
a cookie. 

5. (original) The method of claim 4 wherein transmitting the encrypted 
authentication token from the first web server to the second web server comprises 
transmitting the encrypted authentication token from the first web server to the user, 
and then from the user to the second web server. 

6. (original) The method of claim 5 wherein authenticating the user at the first 
web server comprises receiving a user name and password. 

7. (original) The method of claim 6 wherein transmitting the encrypted 
authentication token from the first web server to a second web server comprises 
transmitting the authentication token from the first web server to a computer of the 
user; and transmitting the authentication token from the computer of the user to the 
second web server. 

8. (original) The method of claim 7 wherein the first web server and the second 
web server comprise a federation of web servers. 
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9. (original) The method of claim 8 wherein authenticating the authentication 
token at the second web server comprises examining the cookie. 

10. (original) The method of claim 9 further comprising URL encoding the 
authentication token. 

1 1 . (original) The method of claim 10 further comprising URL decoding the 
authentication token at the second web server. 

12. (original) The method of claim 1 1 further comprising providing a web page to 
the user having a service selector. 

13. (original) The method of claim 12 wherein the service selector comprises a 
hyperlink. 

14. (original) The method of claim 13 wherein the hyperlink comprises a URL for 
the second web server. 

15. (previously presented) The method of claim 7, further comprising: 

sending the digitally signed authentication token to the web browser of the 
computing device by the first web server; and 

sending the authentication token to the second web server by the web browser. 

16. (original) The method of claim 1 5 further comprising allowing the user to 
conduct a session with the first web server. 

17. (original) The method of claim 16 wherein the second web server shares a 
sub-domain with the first web server. 

18. (previously presented) The method of claim 17 further comprising digitally 
signing the authentication token using public key encryption. 
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1 9. (original) The method of claim 1 8 further comprising confirming a match 
with the digital signature. 

20-24. (canceled) 

25. (currently amended) A system for single sign-on user access to multiple web 
servers, comprising: 

a means for authenticating a user by a first web server, the first web server also 
providing a first type of service session functionality for the user in addition to an 
niitVmntir.ntinn fiinotimmlitv in addition to and different from authenticating the user, 
creating an encrypted authentication token, or redirecting a web brow ser of the user to 
transmit the encrypted authentication token, which first tvpe of servi ce session 
functionality is also different from a second type of service session f unctionality 
provided for the user bv a second web server that is not provided b v the first web 
server, which second tvpe of service session functionality is also in addition to and 
different from authenticating the user, creating an encrypted authe ntication token, or 
redirecting a web browser of the user to transmit the encrypted aut hentication token, 
each of said web servers containing information identifying the tv pe of service 
session functionality provided bv the other of said web servers and a n address for the 
other of said web servers ; 

means for detecting a client request for a the second type of service session 
functionality for the user at said first web server that is not provided by the first web 
server, for determining a the second web server providing the second type of service 
session functionality for the user and in response thereto creating an encrypted 
authentication token related to the user and redirecting a web browser of the user to 
the second web server by the first web server; 

a means for transmitting the encrypted authentication token from the first web 
server to the second web server via the user's web browser, wherein the 
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authentication token comprises an expiration time and is digitally signed by the first 
web server; 

a means for authenticating the authentication token by the second web server; 

and 

a means for providing the second type of service session functionality for the 
user by the second web server. 

26. (original) The system of claim 25 wherein the first web server and the second 
web server share a sub- domain. 

27. (original) The system of claim 26 further comprising a means for examining 
the expiration time of the authentication token at the second web server. 

28. (original) The system of claim 27 wherein the authentication token comprises 
a cookie. 

29. (original) The system of claim 28 wherein the means for transmitting the 
encrypted authentication token from the first web server to the second web server 
comprises means for transmitting the encrypted authentication token from the first 
web server to the user, and then from the user to the second web server. 

30. (original) The system of claim 29 wherein the means for authenticating the 
user at the first web server comprises means for receiving a user name and password. 

3 1 . (original) The system of claim 30 wherein the means for transmitting the 
encrypted authentication token from the first web server to a second web server 
comprises means for transmitting the authentication token from the first web server to 
a computer of the user and means for transmitting the authentication token from the 
computer of the user to the second web server. 
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32. (original) The system of claim 3 1 wherein the first web server and the second 
web server comprise a federation of web servers. 

33. (original) The system of claim 32 wherein the means for authenticating the 
authentication token at the second web server comprises means for examining the 
cookie. 

34. (original) The system of claim 33 further comprising a means for URL 
encoding the authentication token. 

35. (original) The system of claim 34 further comprising a means for URL 
decoding the authentication token at the second web server. 

36. (original) The system of claim 35 further comprising a means for providing a 
web page to the user having a service selector. 

37. (original) The system of claim 36 wherein the service selector comprises a 
hyperlink. 

38. (original) The system of claim 37 wherein the hyperlink comprises a URL for 
the second web server. 

39. (previously presented) The system of claim 25 5 further comprising: 

a means for sending the digitally signed authentication token to the web 
browser of the computing device by the first web server; and 

a means for sending the authentication token to the second web server by the 
web browser. 

40. (original) The system of claim 39 further comprising a means for allowing the 
user to conduct a session with the first web server. 
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41 . (original) The system of claim 40 wherein the second web server shares a sub- 
domain with the first web server. 

42. (previously presented) The system of claim 41 further comprising means for 
digitally signing the authentication token using public key encryption. 

43. (original) The system of claim 42 further comprising a means for confirming 
a match with the digital signature. 

44-48. (canceled) 
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